3DSC 2.10: Firefox Security & Privacy Add-ons

Firefox Security & Privacy Add-ons

Earlier this week I recommended that you install Mozilla Firefox and adjust its privacy and security settings, and yesterday I talked about installing NoScript. Both of these tasks have made Firefox much more private and secure. Today I will ask you to install three more Firefox security and privacy add-ons, and remove some others.

Difficulty: Easy
Active Time: 5 minutes
What it Protects You From: Man-in-the-middle attacks, packet sniffing (HTTPS Everywhere), browser tracking, forensic exploitation (Self-Destructing Cookies), online tracking (Disconnect)

Firefox Security & Privacy Add-ons

Add-ons are small plug-ins that that enhance an existing piece of software.  To install these add-ons follow the link provided.  On the resulting webpage click the green “Add to Firefox” button.

HTTPS EverywhereMany websites offer an encrypted (SSL) login page.  Unfortunately, many of these pages revert to a plain-text connection after you have logged in.  This can allow your ISP or a hacker to see what you are doing.  To prevent this, HTTPS Everywhere attempts to force an encrypted connection during your entire session, on any website that is capable of a secure connection.  HTTPS Everywhere is written by the Electronic Frontier Foundation (EFF), an advocacy group for online privacy.

Self-Destructing Cookies: Self-Destructing Cookies deletes cookies and locally stored objects (LSOs) on a by-tab basis. I wrote about Self-Destructing Cookies last spring; for more details check out that article.

Disconnect:  Disconnect is an anti-tracking application.  It is very lightweight and prevents websites from tracking your behavior and serving you certain requests.  I like Disconnect because it is incredibly lightweight but still very capable.  It is definitely not as capable as NoScript, and I include this add-on as a redundancy. Disconnect provides some privacy protection for those situations when we have to allow scripts to run, or those extremely rare instances when you disable NoScript completely.

Firefox Security & Privacy Add-ons

Additional Thoughts On Add-Ons

Non-Security/Privacy Add-ons: If you have been a Firefox user for a while, there is a good chance that you have some other add-ons in Firefox already.  I encourage you to reconsider any add-on that does not improve your security or privacy. Add-ons like those from Amazon.com, eBay, and Facebook are counterproductive to security and privacy.  Instead they give these services access to your browser.  If you have add-ons like this, please consider removing them.

Browser Fingerprinting: Installing add-ons will make your browser more distinctive. Each additional add-on you have makes your browser just a bit more unique. If everyone reading this sets their browser up EXACTLY in this configuration, everyone benefits because all of our browser fingerprints become more similar. To test your browser’s uniqueness, click HERE.

And with this we are finished with browser setup! Tomorrow we are going to move on to something new, so stay with me!

7 thoughts on “3DSC 2.10: Firefox Security & Privacy Add-ons”

  1. > Most add-ons are not about security or privacy, they are about features. Anyway, most add-ons (or is that just many ? we don’t know) will cease to function when Firefox “updates” to its Web Extensions system, later this year.

    > Avoiding browser fingerprinting by not using add-ons is a losing strategy. Making your browser dysfunctional in order not to be noticed is absurd. At some point, computing is about power. Making yourself powerless in order to be more powerful does not work. Besides, there are so many more things than add-ons that set a browser apart. What is the “standard”, non-noticeable configuration of a browser anyway ? And if someone has managed to publish one (which I’ve never seen), how often does it change ? And how do you keep up ? Avoiding browser fingerprinting (if possible at all) has to be done through evasion techniques, not by trying to be like everybody else. Because the whole point is that nobody is like everybody else.

    1. Please be courteous, and avoid throwing around words like “absurd”. My browser is not dysfunctional – I use it on a daily basis in the exact configuration that I describe for 99.9% of my online activity. And please don’t use vague, meaningless terms like “evasion techniques”. I don’t know what you’re referring to, and I’m sure no one else does either.
      I agree with you that avoiding fingerprinting may not be possible, but the goal is certainly not to look different than everyone else. So where does that leave us?

      1. Justin and Clairvaux please elaborate on the statement about add-ons becoming dysfunctional later this year?

        >most add-ons (or is that just many ? we don’t know) will cease to function when Firefox “updates” to its Web Extensions system, later this year<

        What will that do to specially-configured browsers (e.g. Mike Bazzell's OSINT browser)? Are we talking apples and oranges?

  2. Have you considered using random agent spoofer for anti-fingerprinting?

    Despite the name, it does much more than give you random user agents. It messes with displayed screen resolution, canvas data, referrers, and other things.

    I know you have concerns about it making you more identifiable and not less, but I don’t really see how it would do that. Unless I’m mistaken and websites can directly access lists of addons you have installed on your browser, the only way they’d be able to tell is if they could compare your profiles, and that presupposes them being able to track you already.

Leave a Reply

Your email address will not be published.